Bug #4784

closed

IPsec mobile fails with VPNC and "Network List" after 2.2.x upgrade

Added by Jody Rudolph over 9 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Category: IPsec
Target version: -
Start date: 06/22/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2.x
Affected Architecture:

Description

We usually use a wrapper client (Shimo) for vpnc that helps us with some route automation, but for purposes of simplification in troubleshooting this, I have recreated the exact error with a bare vpnc install. Same error seen on any version of VPNC I have managed to try. Always recreated.

Error on Client side:

Jodys-MacBook-Pro:vpnc jrudolph$ sudo /usr/local/sbin/vpnc
Enter IPSec gateway address: X.X.X.X
Enter IPSec ID for X.X.X.X:
Enter IPSec secret for @X.X.X.X:
Enter username for X.X.X.X: jrudolph
Enter password for :
configuration response rejected: (ISAKMP_N_PAYLOAD_MALFORMED)(16)

Error on Server Side:

Server:

Jun 21 17:32:27 charon: 05[CFG] <con1|12> lease 10.255.0.193 by 'jrudolph' went offline
Jun 21 17:32:27 charon: 05[IKE] <con1|12> deleting IKE_SA con112 between XXXXXXXXXXXXX....XXXXXXXXXXXX
Jun 21 17:32:27 charon: 05[IKE] <con1|12> deleting IKE_SA con112 between XXXXXXXXX...XXXXXXXXXXXXXXX
Jun 21 17:32:27 charon: 05[IKE] <con1|12> received DELETE for IKE_SA con112
Jun 21 17:32:27 charon: 05[IKE] <con1|12> received DELETE for IKE_SA con112
Jun 21 17:32:27 charon: 05[ENC] <con1|12> parsed INFORMATIONAL_V1 request 54 [ HASH D ]
Jun 21 17:32:27 charon: 05[NET] <con1|12> received packet: from XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Jun 21 17:32:27 charon: 11[IKE] <con1|12> received PAYLOAD_MALFORMED error notify
Jun 21 17:32:27 charon: 11[IKE] <con1|12> received PAYLOAD_MALFORMED error notify

All tunnels were working up until upgrade

Client OS: Latest Apple OSX
Client: vpnc
Auth Method: PSK + XAuth

PHASE 1 Settings:

Key Exchange: V1
IP: V4
Interface: Carp Virtual IP Interface

Auth Method: Mutual PSK + XAuth
Negotiation: Aggressive
My Id: My IP Address
Peer Id: UDN
psk: <psk here>

Enc: AES256 (or 128)
Hash: SHA1
DH Group: 2

NAT-T: Force/Auto
DPD: On 10/5 / or off

PHASE 2 Settings:

Mode: TunIP4
Type: Network
No NAT/BINAT

Protocol: ESP (tried auth only)
Enc: AES256 (or 128)
Hash: SHA1
PFS Key Group: 2
Lifetime: 28800 (tried many combos here)

Mobile Clients Settings:

User Auth: Local DB
Group Auth: System

Network List Checked
Save XAuth Checked (I think this was unchecked before but got checked during my 6 hours trying to make this work)

Phase 2 PFS Group: Checked and 2


Files

ipsec.log (499 KB), anonymized logfile, Edward Roper, 06/26/2015 02:49 PM
Screen Shot 2015-06-30 at 10.07.09.png (150 KB), David Harrigan, 06/30/2015 04:11 AM
Screen Shot 2015-06-30 at 10.07.49.png (116 KB), David Harrigan, 06/30/2015 04:11 AM
ipsec-log.rtf (40.1 KB), David Harrigan, 06/30/2015 04:11 AM